Noted, I'll hit 'reply-all' from now on.
Looking over those links you sent me, I've decided to:
- Ran 'ipa user-show $user' and verified the certificate returned
- Ran 'ipa certmap-match cert.pem' on an extracted certificate that is
also on the SmartCard, it returned my user.
- Ran 'kinit' and it reacted to my smartcard being present, asking for a
PIN along with my username being displayed, giving the default pin of
'123456' it returned an error I haven't been able to decipher yet:
'*kinit: KDC policy rejects request while getting initial credentials*'
I think this is the current blocking point in the authentication
process, any ideas what it fully means? My google-fu has failed me here.
On 1/25/23 12:39, Rob Crittenden wrote:
r0nam1 wrote:
> So far it's a lot of 'I thinks'. I think I've configured OpenSC and
> pcscd correctly, I think I've configured SSSD correctly, and I think
> I've configured PAM correctly, if you can give me a list of relevant
> logs or test commands (Even full directory's of logs) I'll do what I can.
Please keep responses on the list.
The log to see depends on the behavior.
Some additional readings (some are rather old but still relevant):
https://floblanc.wordpress.com/?s=smart
https://frasertweedale.github.io/blog-redhat/posts/2016-08-12-yubikey-sc-...
rob